One of the most important reasons for implementing vlans is the broadcast limitation it offers. The larger the vlan, the more broadcast traffic. What is best practice? Apart from the maximum sizes (broadcast traffic limitations), this is a design issue and different views are possible; there is no Universal Solution. Therefore, I can only tell you how I do it myself.
Currently my approach is to assign vlans per group of servers. Similar machines are grouped by OS-type or other common characteristics (all machines for a certain application).
User-vlans can be assigned per floor or per switch. The difficulty of administration increases as vlans are added because your network becomes more complex.
General rule: There need not be more user-vlans than server-vlans.
In a perfect networking environment, clients would be zero hops to their assigned resources. In the olden days of networking, it was not unusual to have departmental servers in the closet, with other connections to central / enterprise resources.
As resources started moving (back) into the Glass Palace, users were farther and farther (from a hop perspective) from their assigned resources.
Using VLANs allows a user's / client's resources to be put into a virtual zero-hop domain, with additional connections (through a Layer3 device) to other centralized resources (like the mail server, Internet gateway, Corporate Web / App server, etc).
While the VLAN environment doesn't have the latency advantage of a physical zero-hop environment, it does provide tighter control and security from a management perspective. Workgroup traffic can be "localized" to the VLAN (and "local" resources, like a file / print server) and properly directed to central or Enterprise resources.
Using VLANs in conjunction with HSRP (Hot Standby Routing Protocol) also can provide some redundancy and load sharing (VLAN A has a primary gateway of Router A, using Router B as a backup, VLAN B uses Router B as a primary gateway and Router A as a backup) ... if either router or path drops, the clients are automatically shunted to the backup router ... with minimal disruption.
VLANs should not be implemented without a fair amount of planning. Done properly, VLANs can be a Very Good Thing ... done poorly, without planning, off-the-cuff, they can be your worst nightmare (troubleshooting).
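The HSRP load-sharing arrangement described in the reply above, written out as an added Cisco IOS configuration sketch; it is not part of the original posts. The VLAN numbers (10 and 20), the addresses, the priorities and the key placeholder are all constructed for illustration, and the two Layer3 devices are assumed to use SVIs.

```cisco
! Router A: primary gateway for VLAN 10, backup for VLAN 20
interface Vlan10
 ip address 10.10.10.2 255.255.255.0
 ! Virtual gateway address that the VLAN 10 clients point at
 standby 10 ip 10.10.10.1
 ! Higher priority wins the active role; preempt reclaims it after recovery
 standby 10 priority 110
 standby 10 preempt
 ! Authenticated hellos keep an unexpected device from joining the group
 standby 10 authentication md5 key-string <PLACEHOLDER-KEY>
!
interface Vlan20
 ip address 10.10.20.2 255.255.255.0
 standby 20 ip 10.10.20.1
 ! Lower priority: Router A only takes over if Router B or its path drops
 standby 20 priority 90
 standby 20 preempt
 standby 20 authentication md5 key-string <PLACEHOLDER-KEY>
!
! Router B: mirror image, backup for VLAN 10, primary gateway for VLAN 20
interface Vlan10
 ip address 10.10.10.3 255.255.255.0
 standby 10 ip 10.10.10.1
 standby 10 priority 90
 standby 10 preempt
 standby 10 authentication md5 key-string <PLACEHOLDER-KEY>
!
interface Vlan20
 ip address 10.10.20.3 255.255.255.0
 standby 20 ip 10.10.20.1
 standby 20 priority 110
 standby 20 preempt
 standby 20 authentication md5 key-string <PLACEHOLDER-KEY>
```

Clients in each VLAN use the virtual address (10.10.10.1 or 10.10.20.1 here) as their default gateway, so a failover does not require any change on the client side.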